This past month the new Congress and Administration have been busily wrapping up economic recovery legislation. There are more details on each item below, as well as on our weblog at http://www.acm.org/usacm/weblog:

* USACM issues new technical principles intended to promote increased transparency and accountability in government to serve a growing online community seeking access to publicly available data

* USACM commends Congress and the Administration for substantially increasing research funding within several key agencies

* The National Institute of Standards and Technology released a report on research they conducted on the Voluntary Voting System Guidelines (VVSG).

* A rule that would require federal contractors to use E-Verify Contractor was delayed and the program was not in the economic recovery legislation as some had though it would.

* The House of Representatives passed a bill focusing on protecting an individual’s privacy on the “no-fly list”.

[2] USACM OUTLINES TECHNICAL PRINCIPLES FOR OPEN GOVERNMENT

With the explosion of user-created content on the web, it is clear that the Federal government should take advantage of this trend by adopting policies that promote the reuse of government data. To help achieve this goal, USACM released a statement with recommendations on making government open and accessible to the public.

The recommendations are:

* Data published by the government should be in formats and approaches that promote analysis and reuse of that data.

* Data republished by the government that has been received or stored in a machine-readable format (such as online regulatory filings) should preserve the machine-readability of that data.

* Information should be posted so as to also be accessible to citizens with limitations and disabilities.

* Citizens should be able to download complete datasets of regulatory, legislative or other information, or appropriately chosen subsets of that information, when it is published by government.

* Citizens should be able to directly access government-published datasets using standard methods such as queries via an API (Application Programming Interface).

* Government bodies publishing data online should always seek to publish using data formats that do not include executable content.

* Published content should be digitally signed or include attestation of publication/creation date, authenticity, and integrity.

USACM lauded funding dedicated to research and education investments in the American Recovery and Reinvestment Act. The Act provides a substantial boost for many key scientific agencies. These include: NSF with +$3 billion (where NSF’s total funding for FY09 is around $6 billion), NIST with +$580 million and Department of Energy Office of Science with +$1.6 billion. This is huge and welcome news since funding for physical sciences has been flat for many years; therefore weakening the innovation ecosystem.

The National Institute of Standards and Technology conducted research into specific voting issues in response to a request from the Election Assistance Commission (EAC). The research focused primarily on the state of six specific technical issues that are affected by the next iteration of the Voluntary Voting System Guidelines (VVSG-NI). Some of these issues include: possible alternatives to the requirement of Software Independence (SI) (a proposed requirement that all systems would have to have some verification system that was independent of the underlying software), [a feasibility study of the ramifications of the EAC], and the impact of early voting and vote centers on the VVSG.

USACM is specifically interested in SI alternatives and a study on the impact of the EAC. The NIST research found that proposed alternatives to SI (end-to-end encryption systems, independent verification, and secure audit ports) needed “significant research and prototyping before requirements could be written for the VVSG-NI.” NIST also offered another alternative to SI of using Innovation Class systems with an auditability requirement. The NIST research regarding the feasibility study detailed the challenges of using auditability as a replacement requirement, including the difficulty of finding a well-accepted definition that was sufficiently robust.

Having recently received this document from NIST, it is unclear as to what steps the EAC will take next with the VVSG.

[5] NEW LEGISLATION PROPOSES INCREASE IN DATA RETENTION

New Internet safety legislation aimed at addresses the problems of child pornography received mixed reviews from privacy advocates. This legislation would mandate Internet service providers (ISPs) to retain subscriber information for up to two years.

The head of the U.S. Internet Service Provider Association noted that it is important to see the effects of the Bush Administration previous child safety measures prior to advancing this legislation. However, the Center of Democracy and Technology General Counsel said that the current data preservation methods are robust and any new efforts to increase retention may undermine privacy. One of USACM’s main concerns in privacy is the minimization of personal information. This is addressed in the USACM Policy Recommendations on Privacy, which be read at:

The deadline for the E-Verify program has be effectively postponed until late May. There was no E-Verify participation requirement in the economic recovery legislation that passed in February. In early drafts of the legislation, the Senate had proposed companies that receive recovery funding would be mandated to participate in E-Verify.

The E-Verify program is a proposed national electronic employment verification system. Some federal contractors and subcontractors were supposed to start participating in the program earlier this year. However, in response to litigation from business groups the Bush Administration had postponed this date to February 20. The Obama Administration pushed the date further back as part of a review of all Bush Administration rules and regulations that had not taken effect by the transition in power. The new deadline will be sometime in May.

In early February the House of Representatives passed legislation that would force the Department of Homeland Security (DHS) to apply an important privacy principle to the so-called “no-fly list” maintained by the Transportation Security Administration (TSA). The bill, called the FAST Act (HR 559), requires the Secretary of Homeland Security to “establish a timely and fair process” for people who were delayed, barred from a flight, or otherwise affected by a wrong identification against any database run by DHS, or its agencies like the TSA. Part of this process would include creating a cleared list of people who had been misidentified and allowed their personal information to be shared across DHS agencies.

The bill focuses on an important part of protecting individual privacy – allowing individuals the opportunity to review and correct their information held by another party. Having a redress and correction procedure is an element of the USACM Policy Recommendations on Privacy, which are available online at:

USACM is the U.S. Public Policy Committee of the Association for Computing Machinery (ACM). With over 90,000 members, ACM is the world’s largest educational and scientific computing society, uniting educators, researchers and professionals to inspire dialogue, share resources and address the field’s challenges. ACM strengthens the computing profession’s collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.

USACM acts as the focal point for ACM’s interaction with the U.S. Congress and government organizations. It seeks to educate and assist policy-makers on legislative and regulatory matters of concern to the computing community.